
Google Web Search Results Are Altered


  • This topic is locked
22 replies to this topic

#1 capitalradio

Posted 04 February 2007 - 04:25 PM

Hello,

Starting Thursday night I noticed that if I clicked on any of the Google search results, I would automatically be redirected to a page for a different web engine - like dealtime, shopica, toseeka, etc. I have run many ad-aware, anti-virus, anti-spyware and online scans. Nothing has been detected (except for various cookies).

(I saw the post from someone with a similar problem below. One of the recommendations was to update Java. I work from home and the client application will only run if you have update 7 and nothing higher than that. So hopefully I can get rid of whatever this is without doing that.)

Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:07:04 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.arise.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.65.82.147.39
O15 - Trusted Zone: http://*.65.82.147.40
O15 - Trusted Zone: http://*.65.82.147.41
O15 - Trusted Zone: http://*.65.82.147.42
O15 - Trusted Zone: http://*.65.82.147.43
O15 - Trusted Zone: http://*.65.82.147.44
O15 - Trusted Zone: http://*.65.82.147.45
O15 - Trusted Zone: http://*.65.82.147.46
O15 - Trusted Zone: http://*.65.82.147.47
O15 - Trusted Zone: http://*.65.82.147.48
O15 - Trusted Zone: http://*.65.82.147.49
O15 - Trusted Zone: *.arise.com
O15 - Trusted Zone: http://*.im.willowcsn.com/
O15 - Trusted Zone: http://*.support.willowcsn.com/
O15 - Trusted Zone: http://*.vcms.willowcsn.com
O15 - Trusted Zone: http://cybercentral.willowcsn.com
O15 - Trusted Zone: http://*.willowcsn.com/
O15 - Trusted IP range: 65.82.147.*
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://prod1.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webi...ave/Install.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://esupport.cf1live.com/esupport/stati.../weblaunch2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/contr...loadcontrol.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://a1776.ff.fullaudio.com.edgesuite.ne...17/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://198.99.241.129/eplayer/V3_1_0_0/acneplayer.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ns.willowcsn.com/dana-cached/setup/...perSetupSP1.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4123.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B05530C-2A72-420A-98F4-1FDB004C2B0E}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DBCA981-3E15-478D-B744-AFF5C215709E}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB90B7B8-B719-4572-BD6D-766294CABF09}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD845181-6F0C-45C2-BC9B-C11DD4031707}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: PCtel speaker phone (pctspk) - Unknown owner - C:\WINDOWS\System32\pctspk.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmsbe.exe


I'll come back and post the FixWareOut log shortly. Thanks for your help and time!



#2 capitalradio

Posted 04 February 2007 - 04:43 PM

Here is the Fixwareout log:


Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
HKLM run and Winlogon System values

System restarted
Reg Entries that were deleted
...
Random Runs removed from HKLM
...

Misc files.

Checking for older varients.

Postrun check
HKLM run
Winlogon System value
"system"=""


PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.

This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.
C:\WINDOWS\System32\dmsbe.exe

Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3tray2.exe"
"MMTray"="\"C:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mm_tray.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"VTPreset"="VTPreset.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"CountrySelection"="pctptt.exe"
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"AHQInit"="C:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
"AudioHQ"="C:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"PCTVOICE"="pctspk.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

Hosts file was reset, If you use a custom hosts file please replace it

#3 Shaba

Posted 05 February 2007 - 01:45 PM

Hi capitalradio

If the HijackThis log was taken before Fixwareout, please send a fresh HijackThis log :thumbsup:

If not, just let me know.
Microsoft MVP Consumer Security

#4 capitalradio

Posted 05 February 2007 - 02:54 PM

Hi Shaba - Thanks. Here's a fresh log:

Logfile of HijackThis v1.99.1
Scan saved at 2:45:52 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.arise.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.65.82.147.39
O15 - Trusted Zone: http://*.65.82.147.40
O15 - Trusted Zone: http://*.65.82.147.41
O15 - Trusted Zone: http://*.65.82.147.42
O15 - Trusted Zone: http://*.65.82.147.43
O15 - Trusted Zone: http://*.65.82.147.44
O15 - Trusted Zone: http://*.65.82.147.45
O15 - Trusted Zone: http://*.65.82.147.46
O15 - Trusted Zone: http://*.65.82.147.47
O15 - Trusted Zone: http://*.65.82.147.48
O15 - Trusted Zone: http://*.65.82.147.49
O15 - Trusted Zone: *.arise.com
O15 - Trusted Zone: http://*.im.willowcsn.com/
O15 - Trusted Zone: http://*.support.willowcsn.com/
O15 - Trusted Zone: http://*.vcms.willowcsn.com
O15 - Trusted Zone: http://cybercentral.willowcsn.com
O15 - Trusted Zone: http://*.willowcsn.com/
O15 - Trusted IP range: 65.82.147.*
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://prod1.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webi...ave/Install.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://esupport.cf1live.com/esupport/stati.../weblaunch2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/contr...loadcontrol.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://a1776.ff.fullaudio.com.edgesuite.ne...17/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://198.99.241.129/eplayer/V3_1_0_0/acneplayer.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ns.willowcsn.com/dana-cached/setup/...perSetupSP1.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4123.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B05530C-2A72-420A-98F4-1FDB004C2B0E}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DBCA981-3E15-478D-B744-AFF5C215709E}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB90B7B8-B719-4572-BD6D-766294CABF09}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD845181-6F0C-45C2-BC9B-C11DD4031707}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: PCtel speaker phone (pctspk) - Unknown owner - C:\WINDOWS\System32\pctspk.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmsbe.exe

#5 Shaba

Posted 06 February 2007 - 05:51 AM

Hi

Upload this file -> C:\WINDOWS\system32\dmsbe.exe
to Virustotal and post results here, please :thumbsup:

Also, have you set those O15 Trusted Zones by yourself?

Edited by Shaba, 06 February 2007 - 05:51 AM.

Microsoft MVP Consumer Security

#6 capitalradio

Posted 06 February 2007 - 10:33 AM

Here are the scan results:

STATUS: FINISHED
Complete scanning result of "dmsbe.exe", received in VirusTotal at 02.06.2007, 16:20:36 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.34 02.06.2007 no virus found
Authentium 4.93.8 02.06.2007 no virus found
Avast 4.7.936.0 02.06.2007 no virus found
AVG 386 02.06.2007 no virus found
BitDefender 7.2 02.05.2007 no virus found
CAT-QuickHeal 9.00 02.06.2007 no virus found
ClamAV devel-20060426 02.06.2007 no virus found
DrWeb 4.33 02.06.2007 no virus found
eSafe 7.0.14.0 02.06.2007 no virus found
eTrust-InoculateIT 30.4.3372 02.06.2007 no virus found
eTrust-Vet 30.4.3372 02.06.2007 no virus found
Ewido 4.0 02.05.2007 no virus found
Fortinet 2.85.0.0 02.06.2007 no virus found
F-Prot 4.2.1.29 02.06.2007 no virus found
Ikarus T3.1.0.31 02.06.2007 no virus found
Kaspersky 4.0.2.24 02.06.2007 no virus found
McAfee 4956 02.05.2007 no virus found
Microsoft 1.2101 02.06.2007 no virus found
NOD32v2 2040 02.06.2007 no virus found
Norman 5.80.02 02.06.2007 no virus found
Panda 9.0.0.4 02.06.2007 no virus found
Prevx1 V2 02.06.2007 no virus found
Sophos 4.13.0 02.05.2007 no virus found
Sunbelt 2.2.907.0 02.02.2007 no virus found
Symantec 10 02.06.2007 no virus found
TheHacker 6.1.6.052 02.05.2007 no virus found
UNA 1.83 02.06.2007 no virus found
VBA32 3.11.2 02.06.2007 no virus found
VirusBuster 4.3.19:9 02.06.2007 no virus found


Aditional Information



The trusted zones were set in front of me by tech support of the company I work for. I recognize and checked them all again this morning to make sure.

Also, thought I should mention that besides the google results being messed with I've also been getting "Virtual memory is low" warnings frequently and also my home page was changed to msn.com one time. I've been using Mozilla as much as possible to avoid the problems.

Thanks again!

#7 Shaba

Posted 06 February 2007 - 10:38 AM

Hi

What was the filesize of that file (dmsbe.exe) in VirusTotal report? If 0 bytes, that result isn't correct.
Microsoft MVP Consumer Security

#8 capitalradio

Posted 06 February 2007 - 02:16 PM

You're right. It showed 0 bytes. I didn't notice when I ran it the first time.

I've tried to either paste the file name directly and also browsing and selecting the dmsbe.exe file itself, but every time I scan it, it shows file size as 0 bytes. Then I attempted to e-mail it to them to scan, but I got the message "The file could not be found do you want to send e-mail anyway".

The file is around 57kb. I don't know why it's showing as 0. Any suggestions?


==============================================
Just an update, I started my computer in safe mode and was able to move that file into the recycle bin. I didn't delete it.

I did several google searches and everything is working fine with that file moved.

Edited by capitalradio, 06 February 2007 - 07:53 PM.


#9 Shaba

Posted 07 February 2007 - 02:06 AM

Hi

Infection may block that file from being sent to VirusTotal, that's my suggestion.

Try to move that file from the Recycle Bin to another folder (not system32) and then run another VirusTotal scan.

Also do these:

Open HijackThis, click do a system scan only and checkmark these:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B05530C-2A72-420A-98F4-1FDB004C2B0E}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DBCA981-3E15-478D-B744-AFF5C215709E}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB90B7B8-B719-4572-BD6D-766294CABF09}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD845181-6F0C-45C2-BC9B-C11DD4031707}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmsbe.exe


Close all windows including browser and press fix checked.

Update AVG anti-spyware, don't scan yet

Boot in safe mode

Scan with AVG anti-spyware and save report

Reboot

Re-run fixwareout

Send:

- a fresh HijackThis log
- AVG anti-spyware report
- fixwareout report
- VirusTotal results
Microsoft MVP Consumer Security
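
The O17 and O23 entries selected in the post above can be pulled out of a HijackThis log mechanically. The following is an added example, not part of the original thread or of any tool named in it: the function name `triage`, the expected-resolver allowlist and the `192.0.2.53` sample entry are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# The 85.255.x.x O17 lines and the O23 lines are copied from the log in this
# thread. The O17 line with 192.0.2.53 (a documentation address) is constructed
# to show an entry that passes the check.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B05530C-2A72-420A-98F4-1FDB004C2B0E}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PCtel speaker phone (pctspk) - Unknown owner - C:\WINDOWS\System32\pctspk.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmsbe.exe
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+): NameServer = (?P<servers>.+)$")
O23_PREFIX = "O23 - Service: "


def parse_nameservers(value):
    """Split an O17 NameServer value; the log uses both ',' and ' ' as separators."""
    servers = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            servers.append(str(ipaddress.ip_address(token)))
        except ValueError:
            servers.append(token)  # keep malformed values so they get reported
    return servers


def triage(log_text, expected_resolvers):
    """Return DNS servers outside the allowlist and services with no known owner.

    expected_resolvers: the resolvers this machine should be using (ISP,
    router or corporate DNS); supplied by the analyst, not taken from the log.
    """
    expected = {str(ipaddress.ip_address(r)) for r in expected_resolvers}
    unexpected_dns = defaultdict(list)   # server -> registry keys that set it
    unknown_owner = []                   # (service name, file path)

    for raw in log_text.splitlines():
        line = raw.strip()
        match = O17_RE.match(line)
        if match:
            for server in parse_nameservers(match.group("servers")):
                if server not in expected:
                    unexpected_dns[server].append(match.group("key"))
            continue
        if line.startswith(O23_PREFIX):
            # Layout is "<name> - <owner> - <path>"; split from the right so a
            # " - " inside the service name does not shift the fields.
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                unknown_owner.append((parts[0], parts[2]))

    return {
        "unexpected_dns": dict(unexpected_dns),
        "unknown_owner_services": unknown_owner,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, expected_resolvers={"192.0.2.53"})
    for server, keys in result["unexpected_dns"].items():
        print(f"unexpected resolver {server} set in {len(keys)} key(s)")
        for key in keys:
            print(f"    {key}")
    for name, path in result["unknown_owner_services"]:
        print(f"review service: {name} -> {path}")
```

An "Unknown owner" service is a lead to check, not a verdict: both `pctspk.exe` and `dmsbe.exe` are reported by the sample, and in this thread only `dmsbe.exe` ends up on the fix list after the VirusTotal scan.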

#10 capitalradio

Posted 07 February 2007 - 12:22 PM

Thank you. I will be updating this post throughout the day as I perform the tasks.

VIRUSTOTAL results:

STATUS: FINISHED
Complete scanning result of "dmsbe.exe", received in VirusTotal at 02.07.2007, 18:11:43 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.34 02.07.2007 TR/Dldr.DNSChanger.Gen
Authentium 4.93.8 02.07.2007 could be a corrupted executable file
Avast 4.7.936.0 02.07.2007 no virus found
AVG 386 02.07.2007 no virus found
BitDefender 7.2 02.05.2007 no virus found
CAT-QuickHeal 9.00 02.07.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 02.07.2007 no virus found
DrWeb 4.33 02.07.2007 no virus found
eSafe 7.0.14.0 02.07.2007 Win32.Polipos.sus
eTrust-InoculateIT 30.4.3374 02.07.2007 no virus found
eTrust-Vet 30.4.3374 02.07.2007 no virus found
Ewido 4.0 02.06.2007 no virus found
Fortinet 2.85.0.0 02.07.2007 suspicious
F-Prot 4.2.1.29 02.07.2007 W32/new-malware!Maximus
F-Secure 6.70.13030.0 02.07.2007 no virus found
Ikarus T3.1.0.31 02.07.2007 no virus found
Kaspersky 4.0.2.24 02.07.2007 no virus found
McAfee 4957 02.06.2007 no virus found
Microsoft 1.2101 02.07.2007 Win32/Alureon.A
NOD32v2 2043 02.07.2007 probably a variant of Win32/Small.FB
Norman 5.80.02 02.07.2007 no virus found
Panda 9.0.0.4 02.07.2007 Suspicious file
Prevx1 V2 02.07.2007 no virus found
Sophos 4.13.0 02.05.2007 Mal/Behav-010
Sunbelt 2.2.907.0 02.02.2007 VIPRE.Suspicious
Symantec 10 02.07.2007 Bloodhound.Packed.7
TheHacker 6.1.6.053 02.07.2007 no virus found
UNA 1.83 02.06.2007 no virus found
VBA32 3.11.2 02.07.2007 MalwareScope.Trojan.DnsChange.5
VirusBuster 4.3.19:9 02.07.2007 no virus found


Aditional Information
File size: 57918 bytes
MD5: faa86a73e07292a732ab8c13cfe87777
SHA1: f181ff42b842df70f427afc5b7f1d6aafb56966e
packers: PECRYPT
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

#11 Shaba

Posted 07 February 2007 - 12:47 PM

Hi

Now it looks like it should, definitely a baddie :thumbsup:

I have an extra request for you so that Lonny can update his fixwareout.

Could you please upload that file to spykiller ?

No need to register, just enclose the URL of that topic, attach dmsbe.exe as an attachment and give the topic a name, e.g. "Wareout file for Lonny".
Microsoft MVP Consumer Security

#12 LonnyRJones

Posted 07 February 2007 - 02:29 PM

Hi capitalradio and Shaba

Let me butt in for a second until fixwareout is updated.

Copy the contents of the code box below into a new notepad document (not wordpad).
Click file> save as...> call it fix.bat > file types *all files*> and save it to desktop.

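@echo off
REM Set the service's Start value to 4 (disabled) so it is not started at the next boot
reg ADD "HKLM\SYSTEM\CurrentControlSet\Services\Windows Management Service" /V "start" /t REG_DWORD /D 4 /F
REM Delete this batch file and close the window
del /q fix.bat & exit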

Run fix.bat.
It will run, exit and delete itself real quick.

Restart the PC, then make and run this batch the same way you made the first.
Copy the contents of the code box below into a new notepad document (not wordpad).
Click file> save as...> call it fix.bat > file types *all files*> and save it to desktop.
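
@echo off
REM Remove the service entry that the first batch disabled
sc delete "Windows Management Service"
REM Delete the service's executable if it is still on disk
if exist "C:\WINDOWS\System32\dmsbe.exe" del /q "C:\WINDOWS\System32\dmsbe.exe"
REM Delete this batch file under whatever name it was saved, then close the window
del /q "%~f0" & exit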

Run fix2.bat.

Post a new Hijackthis log for Shaba please

Edited by LonnyRJones, 07 February 2007 - 02:30 PM.


#13 capitalradio

Posted 08 February 2007 - 08:07 AM

Was finally able to run the complete AVG anti-spyware scan in safe mode. I wasn't completely sure if you wanted me to take action on any of the spotted files yet - especially on the last thing listed.

Here's the report:

C:\System Volume Information\_restore{34F941FE-B22B-4F88-91AD-1A4320C80366}\RP588\A0236217.exe -> Adware.Trymedia : No action taken.
:mozilla.47:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.48:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.49:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.50:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.51:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.52:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.137:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.160:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.161:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.162:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.163:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.10:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.11:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.12:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.13:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.14:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.15:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.98:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.111:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.112:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.113:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.16:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.156:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.157:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.158:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.159:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.90:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.91:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.92:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
:mozilla.184:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.232:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.233:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.234:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.62:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.63:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.64:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.65:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.84:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.99:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@ehg-comcast.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@ehg-visioncareholdings.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.122:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.170:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.171:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.172:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@sales.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.29:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.30:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.144:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.145:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.146:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.147:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.22:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.23:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.24:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.94:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.95:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.77:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.78:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.79:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.80:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.81:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.82:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.138:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.139:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.140:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.141:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.142:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.143:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.152:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.153:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.154:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.97:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Jennifer Newton\Cookies\jennifer newton@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.229:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.17:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.18:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.148:C:\Documents and Settings\Jennifer Newton\Application Data\Mozilla\Firefox\Profiles\n04aawfq.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\System Volume Information\_restore{34F941FE-B22B-4F88-91AD-1A4320C80366}\RP585\A0235995.exe -> Trojan.Small : No action taken.


::Report end


Thank you Lonny - will do.

#14 capitalradio

Posted 08 February 2007 - 08:40 AM

New fixwareout log after previously performing your HijackThis fixes and Lonny's recommendations:


Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
HKLM run and Winlogon System values

System restarted
Reg Entries that were deleted
...
Random Runs removed from HKLM
...

Misc files.

Checking for older varients.

Postrun check
HKLM run
Winlogon System value
"system"=""


PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.

This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.

Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3tray2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"VTPreset"="VTPreset.exe"
"CountrySelection"="pctptt.exe"
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"AHQInit"="C:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
"AudioHQ"="C:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"PCTVOICE"="pctspk.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

Hosts file was reset, If you use a custom hosts file please replace it

#15 capitalradio

Posted 08 February 2007 - 08:45 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:40:20 AM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\system32\pctspk.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.arise.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.65.82.147.39
O15 - Trusted Zone: http://*.65.82.147.40
O15 - Trusted Zone: http://*.65.82.147.41
O15 - Trusted Zone: http://*.65.82.147.42
O15 - Trusted Zone: http://*.65.82.147.43
O15 - Trusted Zone: http://*.65.82.147.44
O15 - Trusted Zone: http://*.65.82.147.45
O15 - Trusted Zone: http://*.65.82.147.46
O15 - Trusted Zone: http://*.65.82.147.47
O15 - Trusted Zone: http://*.65.82.147.48
O15 - Trusted Zone: http://*.65.82.147.49
O15 - Trusted Zone: *.arise.com
O15 - Trusted Zone: http://*.im.willowcsn.com/
O15 - Trusted Zone: http://*.support.willowcsn.com/
O15 - Trusted Zone: http://*.vcms.willowcsn.com
O15 - Trusted Zone: http://cybercentral.willowcsn.com
O15 - Trusted Zone: http://*.willowcsn.com/
O15 - Trusted IP range: 65.82.147.*
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://prod1.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webi...ave/Install.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://esupport.cf1live.com/esupport/stati.../weblaunch2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/contr...loadcontrol.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://a1776.ff.fullaudio.com.edgesuite.ne...17/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://198.99.241.129/eplayer/V3_1_0_0/acneplayer.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ns.willowcsn.com/dana-cached/setup/...perSetupSP1.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4123.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: PCtel speaker phone (pctspk) - Unknown owner - C:\WINDOWS\System32\pctspk.exe



